Better error message when the files cannot be read
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@7 5c01084b-1f27-0410-9f85-80411afe95dc
parent
47c7711a79
commit
5808029a6a
|
@ -1,3 +1,11 @@
|
||||||
|
2007-01-15 Steve Kemp <steve at shellcode dot org>
|
||||||
|
* Fix Debian bug #268236.
|
||||||
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=268236
|
||||||
|
This complains that flawfinder crashes when presented with a
|
||||||
|
file it cannot read. The patch obviously can't prevent
|
||||||
|
the problem, since the tool can't review what it can't read,
|
||||||
|
but at least it halts with a cleaner error message.
|
||||||
|
|
||||||
2007-01-15 cmorgan <cmorgan47, at earthlink dooot net>
|
2007-01-15 cmorgan <cmorgan47, at earthlink dooot net>
|
||||||
* Fixed Debian bug #271287 (flawfinder). See:
|
* Fixed Debian bug #271287 (flawfinder). See:
|
||||||
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=271287
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=271287
|
||||||
|
|
|
@ -9,9 +9,9 @@
|
||||||
<body>
|
<body>
|
||||||
<h1>Flawfinder Results</h1>
|
<h1>Flawfinder Results</h1>
|
||||||
Here are the security scan results from
|
Here are the security scan results from
|
||||||
<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.25</a>,
|
<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.27</a>,
|
||||||
(C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
|
(C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
|
||||||
Number of dangerous functions in C/C++ ruleset: 137
|
Number of dangerous functions in C/C++ ruleset: 158
|
||||||
<p>
|
<p>
|
||||||
Examining test.c <br>
|
Examining test.c <br>
|
||||||
Examining test2.c <br>
|
Examining test2.c <br>
|
||||||
|
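Review bot: The version string change from 1.25 to 1.27 and the ruleset count change from 137 to 158 in this expected output are unrelated to the commit subject, which is about the error message for unreadable files. Regenerate the expected results in a separate commit, or state in the commit message that they were refreshed.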
@ -256,9 +256,9 @@ Lines analyzed = 118
|
||||||
<br>
|
<br>
|
||||||
Physical Source Lines of Code (SLOC) = 80
|
Physical Source Lines of Code (SLOC) = 80
|
||||||
<br>
|
<br>
|
||||||
Hits @ level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 <br>
|
Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 <br>
|
||||||
Hits @ level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 <br>
|
Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 <br>
|
||||||
Hits/KSLOC @ level+ = [0+] 450 [1+] 450 [2+] 338 [3+] 250 [4+] 213 [5+] 88 <br>
|
Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5 <br>
|
||||||
Suppressed hits = 2 (use --neverignore to show them)
|
Suppressed hits = 2 (use --neverignore to show them)
|
||||||
<br>
|
<br>
|
||||||
Minimum risk level = 1
|
Minimum risk level = 1
|
||||||
|
|
|
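Review bot: The summary lines change format in this hunk ("Hits @ level" becomes "Hits@level", and Hits/KSLOC goes from rounded values such as 338 to 337.5), and neither the commit message nor the ChangeLog entry explains it. Anything that parses these summary lines will see different labels and non-integer values, so the format change should be documented with the change that introduced it.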
@ -1,5 +1,5 @@
|
||||||
Flawfinder version 1.25, (C) 2001-2004 David A. Wheeler.
|
Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
|
||||||
Number of dangerous functions in C/C++ ruleset: 137
|
Number of dangerous functions in C/C++ ruleset: 158
|
||||||
Examining test.c
|
Examining test.c
|
||||||
Examining test2.c
|
Examining test2.c
|
||||||
test.c:32: [5] (buffer) gets:
|
test.c:32: [5] (buffer) gets:
|
||||||
|
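Review bot: The expected output still examines only test.c and test2.c, so nothing exercises the new "Error: failed to open" path. Add a case with an unreadable or nonexistent file name and check both the message and the exit status.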
@ -130,9 +130,9 @@ test.c:66: [1] (buffer) MultiByteToWideChar:
|
||||||
Hits = 36
|
Hits = 36
|
||||||
Lines analyzed = 118
|
Lines analyzed = 118
|
||||||
Physical Source Lines of Code (SLOC) = 80
|
Physical Source Lines of Code (SLOC) = 80
|
||||||
Hits @ level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
|
Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
|
||||||
Hits @ level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
|
Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
|
||||||
Hits/KSLOC @ level+ = [0+] 450 [1+] 450 [2+] 338 [3+] 250 [4+] 213 [5+] 88
|
Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5
|
||||||
Suppressed hits = 2 (use --neverignore to show them)
|
Suppressed hits = 2 (use --neverignore to show them)
|
||||||
Minimum risk level = 1
|
Minimum risk level = 1
|
||||||
Not every hit is necessarily a security vulnerability.
|
Not every hit is necessarily a security vulnerability.
|
||||||
|
|
|
@ -1242,12 +1242,16 @@ def process_c_file(f, patch_infos):
|
||||||
if f == "-":
|
if f == "-":
|
||||||
input = sys.stdin
|
input = sys.stdin
|
||||||
else:
|
else:
|
||||||
# This should never happen.
|
# Symlinks should never get here, but just in case...
|
||||||
if ((not allowlink) and os.path.islink(f)):
|
if ((not allowlink) and os.path.islink(f)):
|
||||||
print "BUG! Somehow got a symlink in process_c_file!"
|
print "BUG! Somehow got a symlink in process_c_file!"
|
||||||
num_links_skipped = num_links_skipped + 1
|
num_links_skipped = num_links_skipped + 1
|
||||||
return
|
return
|
||||||
input = open(f, "r")
|
try:
|
||||||
|
input = open(f, "r")
|
||||||
|
except:
|
||||||
|
print "Error: failed to open", h(f)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
# Read ENTIRE file into memory. Use readlines() to convert \n if necessary.
|
# Read ENTIRE file into memory. Use readlines() to convert \n if necessary.
|
||||||
# This turns out to be very fast in Python, even on large files, and it
|
# This turns out to be very fast in Python, even on large files, and it
|
||||||
|
|
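Review bot: The bare `except:` around `input = open(f, "r")` catches every exception, including KeyboardInterrupt, so an interrupt during the open is reported as "failed to open"; catch IOError (and OSError) instead and include the reason from the exception in the message. The message is written with `print`, so it lands on stdout mixed in with the scan results; writing it to sys.stderr would keep it separate. `sys.exit(1)` ends the run at the first unreadable file, so any files named after it are never examined; consider counting the file as skipped and returning, the way the symlink branch above does with num_links_skipped, and setting a non-zero exit status at the end. The try covers only the open: the read that follows ("Read ENTIRE file into memory") can still raise an unhandled exception.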